Skip to content

Commit

Permalink
Merge pull request danielmiessler#11 from shipcod3/master
Browse files Browse the repository at this point in the history
Adding more payloads for PHP fuzz and 'malicious.txt', strings for finding backdoor shells, rootkits, botnets, and exploitable functions
  • Loading branch information
danielmiessler committed Feb 4, 2015
2 parents 312e524 + 84f0001 commit 424740c
Show file tree
Hide file tree
Showing 3 changed files with 202 additions and 3 deletions.
23 changes: 23 additions & 0 deletions Discovery/ASP_CommonBackdoors.fuzz.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
3fexe.asp
ASpy.asp
EFSO.asp
RemExp.asp
aspxSH.asp
aspxshell.aspx
aspydrv.asp
cmd.asp
cmd.aspx
cmdexec.aspx
elmaliseker.asp
filesystembrowser.aspx
fileupload.aspx
ntdaddy.asp
spexec.aspx
sql.aspx
tool.asp
toolaspshell.asp
up.asp
zehir.asp
zehir.aspx
zehir4.asp
zehir4.aspx
88 changes: 85 additions & 3 deletions Discovery/PHP.fuzz.txt
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,91 @@
/php
/phpsecinfo
/phpinfo
/phpmyadmin/
/phpMyAdmin/
/mysqladmin/
/phpMyAdmin
/phpmyadmin
/PMA
/admin
/dbadmin
/mysql
/myadmin
/phpmyadmin2
/phpMyAdmin2
/phpMyAdmin-2
/php-my-admin
/phpMyAdmin-2.2.3
/phpMyAdmin-2.2.6
/phpMyAdmin-2.5.1
/phpMyAdmin-2.5.4
/phpMyAdmin-2.5.5-rc1
/phpMyAdmin-2.5.5-rc2
/phpMyAdmin-2.5.5
/phpMyAdmin-2.5.5-pl1
/phpMyAdmin-2.5.6-rc1
/phpMyAdmin-2.5.6-rc2
/phpMyAdmin-2.5.6
/phpMyAdmin-2.5.7
/phpMyAdmin-2.5.7-pl1
/phpMyAdmin-2.6.0-alpha
/phpMyAdmin-2.6.0-alpha2
/phpMyAdmin-2.6.0-beta1
/phpMyAdmin-2.6.0-beta2
/phpMyAdmin-2.6.0-rc1
/phpMyAdmin-2.6.0-rc2
/phpMyAdmin-2.6.0-rc3
/phpMyAdmin-2.6.0
/phpMyAdmin-2.6.0-pl1
/phpMyAdmin-2.6.0-pl2
/phpMyAdmin-2.6.0-pl3
/phpMyAdmin-2.6.1-rc1
/phpMyAdmin-2.6.1-rc2
/phpMyAdmin-2.6.1
/phpMyAdmin-2.6.1-pl1
/phpMyAdmin-2.6.1-pl2
/phpMyAdmin-2.6.1-pl3
/phpMyAdmin-2.6.2-rc1
/phpMyAdmin-2.6.2-beta1
/phpMyAdmin-2.6.2-rc1
/phpMyAdmin-2.6.2
/phpMyAdmin-2.6.2-pl1
/phpMyAdmin-2.6.3
/phpMyAdmin-2.6.3-rc1
/phpMyAdmin-2.6.3-pl1
/phpMyAdmin-2.6.4-rc1
/phpMyAdmin-2.6.4-pl1
/phpMyAdmin-2.6.4-pl2
/phpMyAdmin-2.6.4-pl3
/phpMyAdmin-2.6.4-pl4
/phpMyAdmin-2.6.4
/phpMyAdmin-2.7.0-beta1
/phpMyAdmin-2.7.0-rc1
/phpMyAdmin-2.7.0-pl1
/phpMyAdmin-2.7.0-pl2
/phpMyAdmin-2.7.0
/phpMyAdmin-2.8.0-beta1
/phpMyAdmin-2.8.0-rc1
/phpMyAdmin-2.8.0-rc2
/phpMyAdmin-2.8.0
/phpMyAdmin-2.8.0.1
/phpMyAdmin-2.8.0.2
/phpMyAdmin-2.8.0.3
/phpMyAdmin-2.8.0.4
/phpMyAdmin-2.8.1-rc1
/phpMyAdmin-2.8.1
/phpMyAdmin-2.8.2
/sqlmanager
/mysqlmanager
/p/m/a
/PMA2005
/pma2005
/phpmanager
/php-myadmin
/phpmy-admin
/webadmin
/sqlweb
/websql
/webdb
/mysqladmin
/mysql-admin
/MySQLadmin
/MySQLAdmin
/login.php
Expand Down
94 changes: 94 additions & 0 deletions GrepStrings/malicious.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
# strings for finding backdoor shells, rootkits, botnets, and exploitable functions
# grep -Rn "shell *(" /var/www

passthru
shell_exec
system
phpinfo
base64_decode
chmod
mkdir
fopen
fclose
readfile
php_uname
eval
edoced_46esab
popen
include
create_function
mysql_execute
php_uname
proc_open
pcntl_exec
``
include_once
require
require_once
posix_mkfifo
posix_getlogin
posix_ttyname
getenv
get_current_user
proc_get_status
get_cfg_var
disk_free_space
disk_total_space
diskfreespace
getcwd
getlastmo
getmygid
getmyinode
getmypid
getmyuid
assert
extract
parse_str
putenv
ini_set
pfsockopen
fsockopen
apache_child_terminate
posix_kill
posix_setpgid
posix_setsid
posix_setuid
tmpfile
bzopen
gzopen
chgrp
chown
copy
file_put_contents
lchgrp
lchown
link
mkdir
move_uploaded_file
symlink
tempnam
imagecreatefromgif
imagecreatefromjpeg
imagecreatefrompng
imagecreatefromwbmp
imagecreatefromxbm
imagecreatefromxpm
ftp_put
ftp_nb_put
exif_read_data
read_exif_data
exif_thumbnail
exif_imagetype
hash_file
hash_hmac_file
hash_update_file
md5_file
sha1_file
highlight_file
show_source
php_strip_whitespace
get_meta_tags
str_repeat
unserialize
register_tick_function
register_shutdown_function

0 comments on commit 424740c

Please sign in to comment.